Privacy Policy

Last Updated: December 1, 2016.

This Privacy Policy outlines how Cardiio, Inc. (“Cardiio,” “we,” “us,” or “our”) may gather and use personally identifiable user information (“Personal Data”), and non-personally identifiable user information (“Anonymous Data”) when you access our website, located at cardiio.com (the “Site”), or download and interact with the Cardiio iOS application, “Cardiio: Heart Rate Monitor” (the “App”). Please read this policy carefully before accessing and using the Site or downloading and using the App.

What We Collect

Personal Data

Personal Data is data that can be used to identify or contact you. Cardiio is strongly committed to protecting the privacy of its user community. The App requires access to the camera on your device in order to measure your heart rate. Images from the camera feed are processed locally on your device and cleared immediately afterwards. We do not collect any images obtained from the camera feed. We do not require or offer any form of registration, allowing you to access the Site and use the App without providing any Personal Data.

Communications with us. When you send us emails such as customer support inquiries, we may maintain those communications and their contents so that we can resolve your inquiries or otherwise assist you.

Anonymous Data

Anonymous Data refers to data that by itself does not permit the identification of a specific individual. We collect such information only insofar as is necessary or appropriate to fulfill the purpose of your interaction with the App or the Site. We may collect the following types of Anonymous Data when you use the App or the Site.

Data you enter in the App. We may collect the age, gender, weight, health conditions, note, state of measurement, and duration of activity that you enter in the App. You can always refuse to supply user data, with the caveat that it may prevent you from engaging in certain App-related content.

Measurement data produced by the App. We may collect the app version, device hardware model, device operating system (OS) version, language and region settings, timestamp, measurement mode (finger/face), heart rate, and waveforms related to your heart signal obtained from the processing of the camera input.

Geolocation information. We may collect the geolocation (e.g. GPS) of your mobile device at the time of a saved measurement only with your permission. We do not access or track your geolocation information in the background.

App crash reports. When the App crashes, we may collect information relating to the crash including device state, device hardware model, device OS version, and software processes that triggered the crash. This information is collected using Crashlytics. You can review Crashlytics’ privacy policy.

App usage and interactions. We may collect statistics about the behavior of users of the App to understand how they interact with the App and for error reporting. For instance, we may monitor which part of the App and its related features you are interested in and your usage patterns. These statistics are collected using Flurry Analytics. You can review Flurry’s privacy policy. You can choose to opt-out of any monitoring activities here: http://www.flurry.com/user-opt-out.html.

Website usage and interactions. Our website uses Google Analytics to help understand how visitors interact with our website so that the Site can be improved. You can read Google’s security and privacy policies for Google Analytics. You can choose not to have your data used by Google Analytics by downloading their opt-out browser add-on. By accessing or using the Site, you agree to the terms of this Privacy Policy.

How We Use Your Data

Personal Data

If you contact us by email, we may use the email address you provide to answer your question or resolve your problem. Cardiio also may use that email address to tell you about new features, solicit your feedback, or just keep you up-to-date with Cardiio and our products. You can always opt out of email marketing by clicking on the “Unsubscribe” link appended to the end of a promotional email from us.

Cardiio deems Personal Data confidential and does not disclose such information without the express informed consent of the user. User consent shall be secured through an express action by the user such as clicking a check-box, providing an electronic signature, or other substantially similar method, after clear and conspicuous disclosure immediately above such check-box or electronic signature indicating that the user is agreeing to the disclosure of his or her information by Cardiio. A pre-checked box will not be considered evidence of consent. Cardiio will not release Personal Data to any person or organization not specifically authorized by the individual user, unless such disclosure is required pursuant to a lawful request from federal, state, local, or foreign law and civil enforcement agencies. If Cardiio discloses Personal Data pursuant to such a request, it shall notify users. We will not rent or sell Personal Data to anyone.

We may need to employ third-party service providers (“Contractors”) to help us provide and maintain our services and business (such as database hosting companies, email service providers, and other similar service providers). These Contractors may have limited access to Personal Data to perform services on our behalf or to comply with legal requirements, and are contractually obligated to safeguard any Personal Data received from us. Allowing Contractors access to Personal Data is not considered a disclosure of such information under this Privacy Policy. By consenting to this Privacy Policy, you agree to permit these Contractors to have access to your Personal Data.

The App allows you to share content with third-party social networking sites (e.g. Facebook, Twitter) and apps (e.g. Apple Health, Runkeeper). If you choose to do this, your interactions with these third parties are governed by the privacy policy of the company providing them, not by Cardiio’s Privacy Policy. Personal health information collected and stored by Cardiio, and subsequently shared by the user via the App, may not be protected under the Health Insurance Portability and Accountability Act (“HIPAA”).

Anonymous Data

The Anonymous Data you provide allows us to perform analysis and generate the appropriate statistics relevant to you. We use the Anonymous Data to better understand our users as well as to improve the content and functionality of the App. For example, to estimate the number of calories burned, information such as age, gender, weight, and heart rate is necessary. Collecting the waveforms related to the heart signal allows us to perform research and development, improve the App, and develop new features or services. If we do collect information regarding your GPS location with your permission, we will not share such information without your express consent.

We may conduct research on our end users' demographics, interests, and behavior based on the Anonymous Data. This research may be compiled and analyzed on an aggregated basis. Cardiio may share with its affiliates, agents, and business partners this “aggregated” data compiled from the information that it collects from users. These aggregate data do not identify you personally. We may also disclose aggregated data in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes. Although these aggregated data do not identify users personally, there is a risk that third parties who receive such data from Cardiio may reidentify specific users. Prior to sharing any Anonymous Data with third parties, Cardiio, Inc. will secure in writing the express written agreement of such third parties that they will not attempt to re-identify the information to any particular individual.

Security Policy/Procedures and Standard of Care

Access to Personal and Anonymous data is limited to authorized employees, or Contractors that (i) need to know that information in order to process it on our behalf or to provide services available in the App, or (ii) have agreed not to disclose it to others.

We take all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of Personal and Anonymous data. However, no system can be 100% secure, and, therefore, despite our best efforts, there could be unauthorized access to this data. By using the Site or the App, you accept this risk.

Data Retention

We will retain de-identified Anonymous Data for an indefinite amount of time for research and development purposes. If you contacted us via email, your email will be retained for communication purposes for a reasonable time thereafter. If you believe we have Personal Data about you that you do not want us to have or would like to request a copy of your Personal Data collected, please contact us as described below (see "Contact Us") and we will remove the data as you request or send you a copy as soon as is reasonably practicable.

Children

We do not knowingly collect Personal Data from children under the age of 13 and do not target the Site or the App to children under 13. If you are under 13, you should not provide any data to us. If you have reason to believe that a child under the age of 13 has provided Personal Data to us, please contact us (info@cardiio.com), and we will endeavor to delete that information from our databases.

Cookies

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We may use cookies to help us identify and track visitors, their usage of the Site, and their website access preferences. If you do not wish to have cookies placed on your computers, you should set your browsers to refuse cookies before using Cardiio’s websites, with the drawback that certain features of Cardiio’s websites may not function properly without the aid of cookies.

Google Analytics cookies. Google Analytics uses first-party cookies to track visitor interactions and collect information about how visitors use the Site. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. We then use the information to compile reports and to help us improve our site. You can opt out of Google Analytics – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.

How We Respond to “Do Not Track” Signals

We do not currently recognize automated browser signals regarding tracking mechanisms, which may include "do not track" instructions. However, we do not collect Personal Data from visitors to our Site.

Business Transfers

All data generated by users of the App or created with the App shall be owned by Cardiio. If Cardiio, or substantially all of its assets, were acquired, or in the event that Cardiio goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Cardiio may continue to use your Personal Data and Anonymous Data as set forth in this Privacy Policy.

Privacy Policy Changes

Although most changes are likely to be minor, Cardiio may change its Privacy Policy from time to time and at our sole discretion. Cardiio will present the revised Privacy Policy when you open the App and will secure your express consent that requires you to physically scroll through the entire policy and, before using the App, click on a button that states: “I have read and agree to the Privacy Policy for the App.” For visitors to the Site, your continued use of the Site after any change in this Privacy Policy will constitute your acceptance of such change. We recommend that you revisit this policy from time to time to ensure you are aware of any changes.

Contact Us

If you have any questions about this Privacy Policy, please email us at info@cardiio.com.